5 matches found
CVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending...
CVE-2022-0992
The CVE-2022-0992 entry concerns the WordPress SiteGround Security plugin (versions up to 1.2.5). The vulnerability is an authentication bypass caused by missing identity verification during the initial 2FA setup, allowing unauthenticated users to configure 2FA for pending accounts and subsequent...
CVE-2022-0992 SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending...
WordPress SiteGround Security 1.2.5 Authentication Bypass
Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug: sg-security Plugin Developer: SiteGround Affected Versions: = 1.2.5 CVE ID: CVE-2022-0992 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
WordPress SiteGround Security 1.2.5 Authentication Bypass Vulnerability
WordPress SiteGround Security plugin versions 1.2.5 and below suffer from an authentication bypass vulnerability as well as an authorization weakness in versions 1.2.4 and below. Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug:...